diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2016-11-09 13:30:18 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2016-11-09 13:30:18 +0000 |
| commit | f118fc0619912997efe6acced5eebed88acfa741 (patch) | |
| tree | ee32ab4c0b71f9243c1ac432fc107d34d88c749a /puppet | |
| parent | 465324cb6aa85b56b4390b01425190b23a64acf3 (diff) | |
| parent | 65db3743ab8d46e135e5e33f6707b2ea274fcdcd (diff) | |
Merge "Enable internal TLS for Nova API"
Diffstat (limited to 'puppet')
| -rw-r--r-- | puppet/services/nova-api.yaml | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index 3cc238c1..49bd84bc 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -51,6 +51,9 @@ parameters: default: tag: openstack.nova.api path: /var/log/nova/nova-api.log + EnableInternalTLS: + type: boolean + default: false conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} @@ -62,6 +65,7 @@ resources: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} NovaBase: type: ./nova-base.yaml @@ -101,21 +105,26 @@ outputs: nova::api::default_floating_pool: 'public' nova::api::sync_db_api: true nova::api::enable_proxy_headers_parsing: true + nova::api::api_bind_address: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::api::service_name: 'httpd' + nova::wsgi::apache::ssl: {get_param: EnableInternalTLS} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - nova::api::api_bind_address: {get_param: [ServiceNetMap, NovaApiNetwork]} - nova::api::service_name: 'httpd' - nova::wsgi::apache::ssl: false nova::wsgi::apache::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} nova::wsgi::apache::servername: str_replace: template: '"%{::fqdn_$NETWORK}"' params: - $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} nova::api::instance_name_template: {get_param: InstanceNameTemplate} nova_enable_db_purge: {get_param: NovaEnableDBPurge} |